iis security: [quoted text, click to view]

It's no trick, in fact it's the reccomended configuration.

[quoted text, click to view]

Yup (and btw it's called "authentication").
http://www.aspfaq.com/show.asp?id=2126

--
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsserver2003/community/centers/iis/

Suppose you have two Windows 2000 servers. One is running MS IIS, the other
is running the MS SQL Server. The IIS is accessible from the internet. Due
to security reasons the servers are not in the same domain, actually they
are standalone member servers.

For accessing the SQL from the IIS, a local account is created on the IIS
and on the SQL. Both accounts have identical names and identical passwords.
IIS is made to use the IIS-local account. And database-access is granted to
the SQL-local account. Under this scenario the ASP pages are able to access
the database.

Is this scenario a trick? Is it advisable to do so? Will it also work on
Windows Server 2003?

Michael G. Schneider

If you want this to work even if domains aren't the same and without using
the user/password trick on both machines, you should configure MDAC to work
with TCP/IP instead of Named Pipes.
Run cliconfg.exe to configure this.
This works for whatever version of windows you're running.

Hope this helps...

[quoted text, click to view]

"Gaah" <san_kikai@hotmail.com> schrieb im Newsbeitrag
news:O5vI%23mZ5DHA.3896@TK2MSFTNGP11.phx.gbl...

[quoted text, click to view]

You also name it a "trick". So it is no advisable to do so? And it might
break in the future?

I do not yet understand the "TCP/IP vs. Named Pipe" remark. How is
authentification done, if TCP/IP is choosen? Do userid/password have to be
inserted into the connection string?

Michael G. Schneider

In article <er3JneX5DHA.2348@TK2MSFTNGP10.phx.gbl>, mgs-AntiSpam@mgs-
software.de says...
[quoted text, click to view]

The account of the IIS box doesn't need to be known to the SQL server,
in fact it should not be known. Your ASP/ASPX pages are going to use a
DNSless (TCP/IP, not named pipes) connection - meaning they are going to
connect to the SQL Server using IP Address, Database Name, User Name,
Password, etc, from the connect object.

You have to run the SQL server in mixed mode - you do not want the IIS
Application to connect to the SQL server using a NT/Domain account user
name. Create a "User/Login" in SQL, assign the permissions needed for
accessing the database (DO NOT USE THE SA ACCOUNT), and then code that
into your IIS application.

Also, you are aware that in order for an IIS app to use a SQL server
that (in most cases) you need to have purchased a CPU license for MS SQL
server?

--
--
spamfree999@rrohio.com